// CHANGELOG

What's new in aisbom-cli

Releases auto-published from GitHub. Subscribe via RSS to follow.


39 releases · last updated May 28, 2026

v1.0.4 - Disable Rich Auto-Highlighting + Dependency Upgrades

What's new

  • Disable Rich Auto-Highlighting: Fixed a visual formatting bug where Rich's default Console parser automatically colorized path-like substrings, IP addresses, and numbers inside plain f-strings (e.g. coloring parts of "aisbom 1.0.4" or "(CycloneDX v1.6)" cyan). Setting highlight=False ensures CLI output displays exactly as authored, while manual Rich formatting markup tags remain supported.
  • Upgraded Dependencies: Integrates the 5 recently merged Dependabot dependency and security updates (including click, torch, packaging, typer, and pyinstaller).

What's not changing

All core scanner rules, exit codes, SBOM output schemas, and command signatures are identical to v1.0.3.

v1.0.3 - Fix Early-Exception Crashes + Security Update

What's new

  • Fix Early-Exception Crashes: Fixed a bug where a failed file open operation (due to permission errors, broken symlinks, or file deletions) during PyTorch, SafeTensors, or GGUF inspections triggered an UnboundLocalError inside their clean-up code. The scanner now gracefully logs the file system error in the scan metadata instead of crashing and throwing a false cli_error event.
  • Security Update: Updated the transitive dependency idna to version 3.16 to resolve a medium-severity vulnerability (CVE-2026-45409 / GHSA-65pc-fj4g-8rjx).
  • Aligned Versioning: Formally aligned the CLI versioning under the v1.x.x release line to match the GitHub Action's releases, preventing version order issues on GitHub and the website changelog.
  • Release Guidelines: Added a formalized release process document in docs/release-process.md.

What's not changing

All core scanner rules, exit codes, SBOM output schemas, and command signatures are identical to v0.10.0.

v1.0.2 - Fix positional-args migration + PIPESTATUS bash dep

Patch release. Two e2e-discovered bugs in v1.0.1 fixed: inputs are now passed positionally so we don't depend on POSIX-illegal env var names with hyphens, and the entrypoint uses bash so PIPESTATUS captures the scan's exit code (not tee's). The fail-on-risk gate works correctly now.

v1.0.1 - Fix hyphenated INPUT_* env vars for Docker actions

Patch release. Action correctly reads inputs.github-token (and the other hyphenated inputs) from the Docker container env. v1.0.0's comment-posting step silently no-op'd because the token resolved to empty. No API or behavior changes beyond fixing the comment post.

v1.0.0 - AIsbom Action: first Marketplace release

First Marketplace release of the AIsbom Security Scanner Action.

What it does

Scans ML model artifacts (.pt, .safetensors, .gguf) in your PRs for pickle-bomb malware, license risk, and silent drift. Posts a single idempotent comment to the PR summarizing findings, with a link to the hosted viewer at aisbom.io. Re-runs update the same comment in place via a hidden marker, so you'll never see stacked AIsbom comments on the same PR.

Uses aisbom-cli 0.10.0 under the hood, installed inside the Action's Docker image.

Quick start

See README_ACTION.md for the full workflow snippet, inputs/outputs reference, permissions block, and troubleshooting.

Minimum permissions in the consuming workflow:

permissions:
  contents: read
  pull-requests: write

Pin via Lab700xOrg/aisbom@v1 (floating) or Lab700xOrg/aisbom@v1.0.0 (immutable).

Telemetry

Two new events (github_action_run and github_action_comment_posted) fire from the Action container. Honors AISBOM_NO_TELEMETRY=1 like the CLI.

v0.10.0

What's new

Two changes you'll see on every successful scan.

  • Acquisition footer. Every aisbom scan now ends with a "Next steps" panel pointing at the right place to view your SBOM (your hosted share URL if you used --share, otherwise the drag-and-drop offline viewer) and at the rolling AISBOM advisories page for the AI/ML supply chain. Recurring re-engagement vector; no scan output formats changed.
  • Friendlier help surface. Several small --help improvements based on a coverage audit of recently shipped features:
    • New top-level --version / -V flag: print the installed version without spinning up aisbom info.
    • Top-level help now documents the AISBOM_NO_TELEMETRY=1 env-var opt-out directly (no more "read the README" friction).
    • --share help text now explicitly calls out that uploaded SBOMs are publicly viewable and expire after 30 days. --share-yes is flagged as CI/CD-only with a warning about interactive use.
    • aisbom info adds a Telemetry: line showing current state (enabled vs opted-out), one canonical place to confirm whether events are firing.
    • scan target arg spells out all three forms with concrete examples (local dir, HTTP(S) URL, hf:// slug).

Privacy: attribution tagging

The new footer URLs include ?ref=cli so we can measure CLI → web conversion in GA4 Acquisition. This tag is automatically stripped when AISBOM_NO_TELEMETRY=1 is set: opt-out users still see the URLs (still useful), just without attribution.

What's not changing

Scanner behavior, exit codes, output formats, the --share flow, and what data is collected are all identical to 0.9.x. The footer replaces the previous "Visualize this report" panel; everything else in scan output is unchanged.

Opting out

# Permanent
export AISBOM_NO_TELEMETRY=1

# One invocation
AISBOM_NO_TELEMETRY=1 aisbom scan ./my-project

v0.9.2

What's new

Friendlier first-touch experience. Two small changes that make the first 30 seconds with AIsbom click.

  • Concrete-example default command. Running aisbom with no arguments now prints a one-screen quickstart with a working example (aisbom scan hf://google-bert/bert-base-uncased) instead of Typer's auto-generated help dump. aisbom --help still shows the full command reference for power users.

  • Zero-install path documented. New "Zero-Install (pipx run)" section in the README and a third install option on aisbom.io. Try AIsbom without committing to a system install:

    pipx run --spec aisbom-cli aisbom scan hf://google-bert/bert-base-uncased
    

Housekeeping

  • CI: bumped softprops/action-gh-release from v2 to v3 in the binary-release workflow.

What's not changing

Scanner behavior, exit codes, output formats, the --share flow, telemetry events, and what data is collected are all identical to 0.9.1. The default-command change is presentation-only; scripts that parse aisbom no-args output should already be relying on --help instead.

v0.9.1

What's new

Telemetry default-flip: Anonymous CLI usage telemetry is now on by default.

  • The AISBOM_TELEMETRY_V2=1 opt-in introduced in 0.8.x has been retired after a successful soak. The single lever from now on is the opt-out: AISBOM_NO_TELEMETRY=1.
  • No new events, no new fields, no change to what's collected; the schema shipped in 0.8.x continues unchanged. See the Telemetry & Privacy section in the README for the full list.
  • If you previously set AISBOM_TELEMETRY_V2=1 in your shell rc or CI environment, you can remove it; it's now a no-op.

What's not changing

Scanner behavior, exit codes, output formats, the --share flow shipped in 0.9.0, and what data is collected are all identical to 0.9.0.

Opting out

# Permanent
export AISBOM_NO_TELEMETRY=1

# One invocation
AISBOM_NO_TELEMETRY=1 aisbom scan ./my-project

v0.9.0 - Shareable SBOM URLs

What's new

Shareable SBOM URLs: Instantly generate a secure, hosted viewer link for your SBOM by appending the --share flag to your scan.

  • Privacy-first: Includes a strict confirmation prompt before uploading, unless explicitly bypassed with --share-yes for CI/CD pipelines.
  • Telemetry: Added cli_share_created event tracking the has_share_yes parameter to measure bypass usage.
  • Safe Empty Scans: Automatically aborts upload if the target path is empty and no artifacts or dependencies are discovered.
  • Documentation: Added a new "Share Your SBOM" section to the README and updated the Telemetry & Privacy section to reflect the opt-in upload behavior (data retained for 30 days).

What's not changing

Scanner behavior, exit codes, and output formats are all identical to v0.8.x.

Telemetry behavior remains the same as v0.8.0.

v0.8.0 - CLI telemetry preview

What's new

  • CLI telemetry preview: opt-in via AISBOM_TELEMETRY_V2=1. Off by default in this release while we soak the pipeline.
  • New events: cli_install_first_seen, cli_scan (with target_type, model_format, risk_level_max, scan_duration_ms, file_count, parse_error_count, strict_mode), cli_scan_critical_found, cli_strict_mode, cli_diff, cli_error (exception class name only).
  • Anonymous user_id (SHA-256 of MAC + salt, 16 hex chars) stored in ~/.aisbom/config.json for returning-user analytics.
  • New "Telemetry & Privacy" section in README documenting the full schema, where data goes, and how to opt out.

Privacy

Set AISBOM_NO_TELEMETRY=1 to disable telemetry entirely. This setting wins over every other gate. The opt-out is forward-compatible: it'll work the same way after the next release flips the default.

What's not changing

  • Scanner behavior, exit codes, and output formats are all identical to v0.7.x.
  • aisbom-cli 0.7.x clients keep working unchanged against the deployed Worker.

Next release

Will flip telemetry to default-on, with AISBOM_NO_TELEMETRY=1 documented as the opt-out.

v0.7.8 - Stability Release (macOS CI & Publish Fixes)

Summary

This release stabilizes the CI/CD pipeline, ensuring reliable multi-architecture builds and automated publishing.

Changelog

  • Fix(CI): Implemented "Rosetta Strategy" for macOS Intel builds (macos-14 host + x64 python architecture).
  • Fix(CI): Resolved Resource not accessible by integration error in publish.yml by replacing API calls with authenticated git commands for tagging.
  • Fix(CI): Corrected YAML syntax error (duplicate key) in binaries.yml.

Artifacts

  • aisbom-linux-amd64
  • aisbom-macos-amd64 (Intel compatible)
  • aisbom-macos-arm64 (Apple Silicon native)

v0.7.7 - macOS CI Architecture Fix

Summary

This release revamps the macOS build pipeline to ensure reliable delivery of Intel binaries by leveraging Apple Silicon runners with Rosetta 2.

Changelog

  • Fix(CI): Switched the build strategy to use macos-14 (Apple Silicon) for ALL macOS builds.
    • Intel (amd64): Built using python-architecture: x64, running via Rosetta 2 on the M1/M2 host.
    • Silicon (arm64): Built natively.
    • Why? This bypasses the instability/unavailability of legacy Intel runners on GitHub Actions.

Artifacts

  • aisbom-linux-amd64
  • aisbom-macos-amd64 (Intel compatible)
  • aisbom-macos-arm64 (Apple Silicon native)

v0.7.6: Addresses build pipeline failure for macOS

This patch release addresses a build pipeline failure for macOS Intel binaries.

Changelog

Fix(CI): Downgraded the macOS Intel runner from macos-13 to macos-12 to resolve "configuration not supported" errors in GitHub Actions.

Artifacts

This release should correctly generate:

  • aisbom-linux-amd64
  • aisbom-macos-amd64 (Intel)
  • aisbom-macos-arm64 (Apple Silicon)

v0.7.5 - Multi-Architecture Standalone Binaries

This release introduces full support for Air-Gapped / "USB Test" scenarios across all major platforms, answering the demand for secure, offline usage.

Key Features:

  • Multi-Arch Standalone Binaries: We now ship three distinct executables attached to this release:
    • aisbom-linux-amd64 (Linux x86_64)
    • aisbom-macos-amd64 (macOS Intel)
    • aisbom-macos-arm64 (macOS Silicon M1/M2/M3)
  • Documentation Upgrade: Added comprehensive instructions for "Standalone Binary" usage, including a critical Troubleshooting guide for macOS Gatekeeper permissions (xattr -d).

How to Install:

  • Pip: pip install aisbom-cli==0.7.5
  • Binary: Download the appropriate file below, chmod +x it, and run!

v0.7.0: Standalone Binaries ("The USB Test")

Features

  • Standalone Binaries: You can now run aisbom without Python installed! Linux (x86_64) and macOS (ARM64) builds are automatically attached to this release. Perfect for air-gapped environments or quick audits ("The USB Test"). Just download, chmod +x, and run ./aisbom scan ..

Improvements

  • Build System: Added PyInstaller integration and GitHub Actions workflow for automated binary releases.
  • Documentation: Updated README with Quick Start guide for binaries.

Fixes

  • Compatibility: Resolved Python < 3.15 requirement for PyInstaller.
  • Data Files: Fixed missing CycloneDX and SPDX schemas in frozen builds.

v0.6.0: Sandbox Wrapper Scripts

This follow-up release improves the usability of the "Defense in Depth" runtime sandbox by including official wrapper scripts.

New Features

  • Sandbox Wrapper (scripts/asb-wrapper.sh): A convenience shell script to run commands inside the amazing-sandbox via uvx without typing the full command string.
  • Safe Loader Template (scripts/safe_loader.py): An example Python script demonstrating how to safely load legacy models that require weights_only=False within the isolated environment.

Documentation

Updated Sandboxed Execution Guide to reference the new scripts.

v0.5.0: Defense in Depth & Linter Hardening

This release solidifies the security architecture with a "Defense in Depth" strategy, aligning AIsbom with the upcoming PyTorch 2.6+ security defaults (weights_only=True).

Security & Linter Improvements

  • Arbitrary Execution Detection: The Migration Linter (--lint) now explicitly flags REDUCE, BUILD, and INST opcodes as WARNINGs. This highlights models that require dynamic object construction (a key vector for RCE) while acknowledging that some legacy models rely on this behavior. Logic is now fully aligned with PyTorch's safe_globals validation strategy.

Documentation & Strategy

  • Defense in Depth Guide: Added Sandboxed Execution Docs, detailing how to combine Static Analysis (AIsbom) with Runtime Isolation (uvx + amazing-sandbox).
  • README Expansion: Updated the README to articulate the two-layer security approach (Layer 1: Static, Layer 2: Runtime).

Maintenance

  • Repo Cleanup: Removed temporary staging directories (repro_stage) and moved internal maintenance documentation to .github/MAINTAINERS.md
  • Tests: Extended test suite coverage for opcode warnings.

v0.4.2: Telemetry & Version Checks

🚀 Features

  • CLI Version Check: The CLI now checks for updates in the background and notifies you if a newer version is available.
  • Ethical Telemetry: Collects minimal, anonymous usage data (OS, Python version, CI status) to help improve the tool.
    • Privacy: Set AISBOM_NO_TELEMETRY=1 to completely disable this behavior.
  • SPDX Support: The offline viewer now supports SPDX 2.2/2.3 JSON files.

🐛 Fixes

  • Fixed CI build failure by synchronizing poetry.lock.
  • Improved documentation for the scan commands.

📦 Installation

pip install aisbom-cli==0.4.2

v0.4.1 - Diff, SPDX 2.3, and Telemetry

This release introduces powerful new compliance and drift detection features, along with standardized output formats.

🚀 New Features

  • Diff Command (aisbom diff):
    • Compare two SBOMs to detect silent regressions (risk increases, license changes, hash drift).
    • CI/CD Integration: Automatically exits with code 1 if critical regressions are found, functioning as a quality gate.
  • SPDX 2.3 Support:
    • New --format spdx option generates industry-standard SPDX 2.3 JSON artifacts.
    • Fully compliant with ISO/IEC 5962:2021.
  • Enhanced Safety Heuristics:
    • Improved detection of malicious patterns in pickle files (e.g., specific posix.system and subprocess calls).
  • CLI Telemetry:
    • The "Visualize this report" link now includes version and source tracking to help us improve the platform.

🛠 Improvements

  • Output Standardization: Unified the "Visualize this report" panel behavior, ensuring it appears consistently for both CycloneDX (default) and SPDX formats.
  • Cleaner Terminal Output: Links are now masked behind clickable text (👉 Open Secure Viewer) to reduce visual clutter.
  • Corrected README.md

v0.4.0 - Diff, SPDX 2.3, and Telemetry

This release introduces powerful new compliance and drift detection features, along with standardized output formats.

🚀 New Features

  • Diff Command (aisbom diff):
    • Compare two SBOMs to detect silent regressions (risk increases, license changes, hash drift).
    • CI/CD Integration: Automatically exits with code 1 if critical regressions are found, functioning as a quality gate.
  • SPDX 2.3 Support:
    • New --format spdx option generates industry-standard SPDX 2.3 JSON artifacts.
    • Fully compliant with ISO/IEC 5962:2021.
  • Enhanced Safety Heuristics:
    • Improved detection of malicious patterns in pickle files (e.g., specific posix.system and subprocess calls).
  • CLI Telemetry:
    • The "Visualize this report" link now includes version and source tracking to help us improve the platform.

🛠 Improvements

  • Output Standardization: Unified the "Visualize this report" panel behavior, ensuring it appears consistently for both CycloneDX (default) and SPDX formats.
  • Cleaner Terminal Output: Links are now masked behind clickable text (👉 Open Secure Viewer) to reduce visual clutter.

v0.3.0 - Remote Scanning

Remote Scanning (New!)

You can now scan models hosted on Hugging Face without downloading them.

aisbom scan hf://google-bert/bert-base-uncased
  • Uses HTTP Range requests to stream only headers and metadata.
  • Saves bandwidth and disk space.

v0.2.7 - bug fix

Robust handling of GLOBAL opcodes that use space-separated module

v0.2.6 - The DevOps Update

🛡️ Strict Mode (Allowlisting)

New --strict flag. Instead of looking for known malware, block any import that isn't on a safe list (torch, numpy, etc.). Essential for high-security environments.

📝 CI/CD Markdown Reporting

New --format markdown option. Generate beautiful risk tables directly in your GitHub Actions pipeline to post as PR comments.

🧠 GGUF Support

Now scans .gguf headers for License risks (e.g. CC-BY-NC).

🚦 CI Exit Codes

Scanner now returns exit(1) when CRITICAL risks are found, allowing you to block builds automatically.

v0.2.5 - Strict allowlist option now supported

🚀 Features:

  • Pickle scanning now has a strict allowlist option (--strict/--no-strict); unknown imports are flagged as UNSAFE_IMPORT, and high-risk scans exit non-zero (controlled by --fail-on-risk).
  • GGUF model support added; mock GGUF artifact generated; README updated to mention GGUF and strict mode.
  • Test suite expanded (strict mode, GGUF parsing edge cases, generator utilities, legacy .pt, CLI behaviors); coverage up to ~85%.
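
A sketch of the two static checks these notes describe: the REDUCE/BUILD/INST warnings from the v0.5.0 linter and the strict import allowlist from v0.2.5/v0.2.6. It is an added example, not aisbom-cli's own code. `lint_pickle`, `SAFE_MODULES`, the finding tuples and the sample byte strings are assumptions constructed for this illustration.

```python
import pickle
import pickletools

# Assumed for this sketch; the tool's real allowlist is not shown on this page.
SAFE_MODULES = {"torch", "numpy", "collections"}
# Opcodes the v0.5.0 notes say the linter reports as WARNINGs.
WARN_OPCODES = {"REDUCE", "BUILD", "INST"}
STRING_OPCODES = {"UNICODE", "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8"}


def lint_pickle(data: bytes, strict: bool = False) -> list:
    """Walk the opcode stream without unpickling; return (code, detail) findings."""
    findings = []
    recent_strings = []  # STACK_GLOBAL takes its module and name from the stack
    for opcode, arg, _pos in pickletools.genops(data):
        imported = None
        if opcode.name in ("GLOBAL", "INST"):
            # pickletools reports these operands as one "module name" string
            module, _, attr = arg.partition(" ")
            imported = (module, attr)
        elif opcode.name == "STACK_GLOBAL":
            # Heuristic: treat the two most recent string pushes as the operands.
            # If they cannot be resolved, fail closed with a placeholder name.
            if len(recent_strings) >= 2:
                imported = tuple(recent_strings[-2:])
            else:
                imported = ("?", "?")
        elif opcode.name in STRING_OPCODES:
            recent_strings.append(arg)

        if opcode.name in WARN_OPCODES:
            findings.append(("WARNING", opcode.name))
        if strict and imported and imported[0].split(".")[0] not in SAFE_MODULES:
            findings.append(("UNSAFE_IMPORT", ".".join(imported)))
    return findings


# Constructed samples. The opcode streams are only parsed, never loaded.
PLAIN_DATA = pickle.dumps({"weights": [1, 2, 3]})
# Protocol 4: STACK_GLOBAL collections.OrderedDict, then REDUCE with an empty tuple.
ALLOWLISTED = b"\x80\x04\x8c\x0bcollections\x94\x8c\x0bOrderedDict\x94\x93)R."
# Protocol 0: GLOBAL builtins.print (not on the allowlist), then REDUCE.
UNLISTED = b"cbuiltins\nprint\n(S'hello'\ntR."

if __name__ == "__main__":
    for label, blob in [("plain", PLAIN_DATA), ("allowlisted", ALLOWLISTED),
                        ("unlisted", UNLISTED)]:
        print(label, lint_pickle(blob, strict=True))
```

Without `strict=True` the sketch reports only the opcode warnings, so an allowlisted model that still needs dynamic object construction shows up as a warning rather than a blocked import.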

v0.1.9 - feat: package mock malware generation

🚀 Updates

  • Mock malware and legal risk generation: CLI now provides a packaged way to generate test artifacts.
  • No need to git clone entire repo just for testing.

v0.1.7 - Web Viewer Integration

🚀 Updates

  • Dashboard Link: CLI now provides a direct link to the new Offline SBOM Viewer.
  • UX Improvements: Better console output formatting.

v0.1.5 - License Radar & Safety Check

🚀 New Features

  • Legal Risk Scanning: Now detects "Non-Commercial" (CC-BY-NC) and restrictive licenses in Safetensors metadata.
  • Verification Scripts: Added generate_restricted_model.py to allow users to verify legal risk detection locally.
  • Documentation: Complete rewrite of README.

v0.1.1 - Artifact Hashing

Full Changelog: Added SHA256 streaming hash calculation for large model artifacts.